2 Replies Latest reply: Nov 6, 2014 6:57 AM by Florin Carlig

SHA-1, replace with SHA-2 Certificates

Simon Darby Nov 3, 2014 3:13 PM

Does anyone know anything about the impact or plans for BC concerning SHA-1 and SHA-2 certificates? Google and Microsoft plan to change their browsers regarding certificates. And this may impact payment gateways.

Our clients have started to receive notifications from their payment gateway providers that they must update to SHA-2. From what I have read, this stems from a problem with SSLv3.0 (POODLE - "Padded Oracle" exploit). SSLv3.0 support will be disabled I understand. I assume that this will concern BC payment gateways. Could the Adobe BC team comment on this please? Thanks!

1. Re: SHA-1, replace with SHA-2 Certificates

Liam Dilley Nov 3, 2014 4:30 PM (in response to Simon Darby)

Hi Simon,
BC has already stated it wont be effected by Poodle and andy changes etc.
Authorize.net SSLv3 shutdown, Poodle vulnerability - BC is not affected
Like Show 1 Like (1)

Actions
2. Re: SHA-1, replace with SHA-2 Certificates

Florin Carlig Nov 6, 2014 6:57 AM (in response to Simon Darby)

Hi Simon,

We are committed to use latest security standards, we constantly review policies and try to accommodate latest certificate standards and other security measures or updates. The SHA-1 certificate is not related to the Poodle vulnerability, and as Liam mentioned, we're not affected by the Poodle vulnerability: Authorize.net SSLv3 shutdown, Poodle vulnerability - BC is not affected

Thanks,
Florin
Like Show 0 Likes (0)

Actions

Go to original post

Legend

Correct Answers - 10 points